Unblocking Smart Canvas Features for Client-side Encrypted Docs: An Internship Experience with Google Workspace; The Cost of Free: The Power Dynamics of a Data-Driven Economy

If you are online, your data is being collected – it is critical to know what is going on behind the scenes to preserve your autonomy. During my internship, I experienced writing software with a privacy emphasis first-hand as I enabled Smart Canvas features for Google Docs Client-side encryption (CSE). This project was in alignment with the CSE team’s goal of reaching feature parity with non-CSE Docs, to ensure users with heightened data security needs have the same product quality. In my STS research paper, I explore the power dynamics surrounding data safety and responsibility among data brokers, software developers, users, and the US government. The goal was to identify who or what was responsible for the lack of action on data privacy reform and to explore what users could do within this network. My technical project represents a security-first approach that exceeds conventional standards, aiming to guard sensitive data with exceptional care. However, the solutions offered by the CSE team are not practical for every user; engineers still have a duty to protect all user data, but trading the strictest protections for more features and low monetary cost is the currently accepted practice.
Google Workspace CSE adds an additional encryption layer for clients dealing with sensitive data like healthcare and financial records or intellectual property, but as a result not all Docs features are available. Thus, enabling Smart features like drop-downs, emojis, and chips was an important project to improve efficiency and unblock privacy-conscious customers. Leveraging JavaScript, Java, and the Chrome Debugger, I executed code changes and evaluated the codebase for violations of the CSE Content Security Policy.
The result of this project was proof that enablement of some Smart Canvas features for CSE customers was possible and improved efficiency. At the same time, this project proved that other features like chips involving email or calendar data would require more complete rewrites to continue to provide the utmost security to CSE customers. Beyond a phased release of drop-downs, emojis, and some chips, the @ insert menu was enabled and the team was left with a better idea of next steps for unlocking all Smart Canvas features. These results are key to shaping a CSE user experience that more closely aligns with the Docs experience, while still maintaining the high level of security CSE customers require.
My STS research paper seeks to answer the question: “Who currently holds the power, and the duty, to protect user privacy in an economy reliant on data?” Data privacy is a critical and widespread issue, as the choices made by software companies and lawmakers affect us all. However, many people remain broadly concerned without taking the time to educate themselves, which allows engineers and legislators to persist in their inaction regarding data protection. I use Actor Network Theory to address the complex dynamics between data companies, engineers, users, and government, as they seek to create, regulate, and use software systems. In addition to this technical framework, I use a literature review as my research method, focusing on prior work about the privacy-personalization paradox and using Apple Tracking Transparency (ATT) and the US government’s opposition to TikTok as case studies.
The ATT case proved that individual software companies can only do so much to protect the average user without a widespread movement towards higher security standards. Further, the TikTok case emphasized the government’s indifference towards mass data collection, so long as it is US companies that are collecting the data. In essence, my findings were that no single piece in this network can create change on their own, rather, it will take the collaboration of several powerful actors to make the internet a safer place for users. While engineers and government officials have a duty to protect their users and citizens respectively, the public must not forget their power to choose what software companies have earned their trust, money, and attention.

School of Engineering and Applied Science

Bachelor of Science in Computer Science

Technical Advisor: Rosanne Vrugtman

STS Advisor: Pedro Augusto Francisco